Course: Cyber Security

Decrypting Traffic

Many firewalls support the installation of certificates to enable traffic decryption, allowing for threat inspection.

Decryption can occur on both ingress and egress traffic. For ingress traffic, the firewall protects servers from incoming threats, while for egress traffic, it safeguards users and systems communicating outward.

The firewall typically avoids decrypting traffic related to healthcare and financial data due to privacy and other implications. Decrypting traffic also necessitates additional effort from the organization to distribute keys to clients, which the firewall uses for decryption.

Note: Recall that egress traffic refers to data leaving the network, while ingress traffic pertains to data entering the network.

Unknown Traffic

Some traffic cannot be decrypted or fully understood by the firewall. This may occur for various reasons, such as proprietary applications transmitting data that the firewall cannot recognize. Such traffic may be categorized as “unknown.” Firewall administrators should consider blocking these applications, particularly on networks deemed high-risk.

WAF (“Web Application Firewall”)

While firewalls are effective, they often lack a comprehensive understanding of specific protocols. This limitation has led to the development of protocol-specific firewalls, with Web Application Firewalls (WAF) being among the most common.

WAFs offer features tailored to the HTTP protocol, enhancing their ability to block threats. In addition to threat prevention, WAFs provide several valuable utilities for organizations, including:

  • Redundancy: WAFs can manage multiple servers offering the same service, allowing for high availability. This enables organizations to take a server offline for maintenance while keeping others operational, ensuring continuous service access during updates.
  • Enforcement of Best Practices: WAFs serve as a centralized point for maintaining and enforcing security measures such as encryption and multi-factor authentication.
  • Unified Protection: They can provide a single protective layer for multiple web servers located behind the WAF.

Note: WAFs are specialized firewalls designed to address threats specifically related to the HTTP protocol. They also typically include features that are highly convenient for administrators.
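
The following sketch is an added example, not part of the original lesson and not any product's code. It shows what HTTP awareness adds over a port-based rule: the request is parsed, checked, redirected to HTTPS if it arrived unencrypted, and only then handed to one of several servers. `Pool`, `inspect`, `SITE_HOST`, the method list and the size limit are all assumptions made for illustration.

```python
import itertools
from urllib.parse import unquote

SITE_HOST = "www.example.test"             # assumed canonical host name
ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # assumed site policy
MAX_HEAD_BYTES = 8192                      # assumed header-size limit

class Pool:
    """Servers offering the same service; ones marked down are skipped."""
    def __init__(self, backends):
        self.up = {b: True for b in backends}
        self._turn = itertools.count()

    def pick(self):
        live = [b for b, ok in self.up.items() if ok]
        return live[next(self._turn) % len(live)] if live else None

def inspect(raw, pool, tls):
    """Return (action, detail) for one raw HTTP/1.x request."""
    head = raw.partition(b"\r\n\r\n")[0]
    if len(head) > MAX_HEAD_BYTES:
        return ("block", "header section too large")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] not in ("HTTP/1.0", "HTTP/1.1"):
        return ("block", "malformed request line")
    method, target = parts[0], parts[1]
    if method not in ALLOWED_METHODS:
        return ("block", "method not allowed")
    # Origin-form only, no control bytes: keeps the redirect below on SITE_HOST.
    if not target.startswith("/") or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return ("block", "bad request target")
    for line in lines[1:]:
        name, sep, _ = line.partition(":")
        if not sep or not name or name != name.strip():
            return ("block", "malformed header")
    if not tls:  # encryption enforced once, for every server behind the WAF
        return ("redirect", "https://" + SITE_HOST + target)
    # Percent-decode the path as a backend would before looking for traversal.
    path = unquote(target.split("?", 1)[0])
    if ".." in path.split("/") or "\x00" in path:
        return ("block", "path traversal")
    backend = pool.pick()
    if backend is None:
        return ("error", "no healthy backend")
    return ("forward", backend)
```

Setting `pool.up[name] = False` models taking one server offline for maintenance while the others keep serving.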